Severity: Medium
Invicti detected that a critical form's action is targetted an HTTP resource.
If an attacker can intercept network traffic, he/she can steal users' credentials. In this case even though the form is served over HTTPS, it'll be submitted to an HTTP resource. This defeats the purpose of SSL protection for this form.